Patton electronic 2800 Connect the OnSite VPN Router to the network, Load configuration

Page 42

OnSite 2800 Series User Manual	3 • Getting started with the OnSite Managed VPN Router

2. Connect the OnSite VPN Router to the network

Depending whether you connect the OnSite VPN Router to a host directly or via a hub or switch either straight-through wired or cross-over cables must be used (see figure 11).

Network	ETH 0
interface	ETH 0
	Cross-over cable

Host

Power Run

Link

100M		Activity
100M
Enet	0

Router

VPN

IPLink

Link	100M		Activity
	Enet	1

IPLink Router

Network	Hub
interface	ETH 0
Straight-through	Straight-through
wired cable	wired cable
Host	Power
	Run

Figure 11. Connecting the OnSite VPN Router to the network

Link

100M		Activity
Enet	0

Router

VPN

IPLink

Link	100M		Activity

	Enet	1

IPLink Router

You can check the connection with the ping command to another host on the local LAN.

172.16.1.99(if-ip)[eth0]#ping <IP Address of the host>

Respectively from the host: ping 172.16.1.99

Note To ping outside your local LAN, you will need to configure the default gateway.

3. Load configuration

Patton provides a collection of configuration templates on the CD-ROM that came with the OnSite device, one of which may be similar enough to your application that you can use it to speed up configuring the OnSite router. Simply download the configuration note that matches your application to your PC. Adapt the configu- ration as described in the configuration note to your network (remember to modify the IP address) and copy the modified configuration to a TFTP server. The OnSite VPN Router can now load its configuration from this server.

In this example we assume the TFTP server on the host with the IP address 172.16.1.11 and the configuration named IPL.cfg in the root directory of the TFTP server.

172.16.1.99(if-ip)[eth0]#copy tftp://172.16.1.11/IPL.cfg startup-config

Download...100%

172.16.1.99(if-ip)[eth0]#

2. Connect the OnSite VPN Router to the network

42

Image 42

Contents Managed VPN Router Mailsupport@patton.com Summary Table of Contents Table of Contents Getting started with the OnSite Managed VPN Router VPN configuration LEDs status and monitoring 112 Cabling 124 OnSite 2800 Series factory configuration 132 List of Figures List of Tables About this guide AudienceStructure Precautions Impaired functioningSafety when working with electricity General observations Typographical conventions used in this document General conventionsChapter contents General informationOnSite Model 2800 Series overview OnSite Managed VPN Router 2805 shownOnSite 2800 Series detailed description OnSite 2800 Series model codesDMZ OnSite 2800 Series power input connectors Model code extensionsPorts descriptions OnSite 2800 Series rear-panel ports are described in tableApplications overview Corporate multi-function virtual private network Corporate multi-function virtual private networkGeneral information Hardware installation Planning the installation Create a network diagram see section Network information onInstallation checklist Network information Power sourceSite log IP related informationInstalling the Ethernet cable Installing the VPN routerConnecting cables Location and mounting requirementsInstalling the serial WAN cable Connecting an OnSite 2800 Series device to a hubDCD Hardware installation Rear panel of 2803K/EUI Pins not listed are not used Rear panel of 2803K/UIConnecting to external power source Power connector location on rear panelUI and EUI power supplies automatically adjust to accept an Getting started with the OnSite Managed VPN Router Configure IP address IntroductionAll Ethernet interfaces are activated upon power-up Configure IP addressPower connection and default configuration Terminal emulation program settings 9600 bps No parity BitStop bit No flow control LoginSelect the context IP mode to configure an IP interface Changing the IP addressLoad configuration Connect the OnSite VPN Router to the networkRespectively from the host ping Load configuration Serial port configuration Serial port configuration task list Disabling an interfaceEnabling an interface Configuring the encapsulation for Frame Relay Example Configuring the serial encapsulation typePort Enter Frame Relay mode Configuring the LMI typeConfiguring the keep-alive interval Entering Frame Relay PVC configuration modeConfiguring the PVC encapsulation type Binding the Frame Relay PVC to IP interfaceMode PVC Enabling a Frame Relay PVC Disabling a Frame Relay PVCDisplaying serial port information CRCDisplaying Frame Relay information DlciIntegrated service access Configure the serial interface settings PortConfigure the introduced PVCs Check that the Frame Relay settings are correctT1/E1 port configuration T1/E1 port configuration task list Enable/Disable T1/E1 portConfiguring T1/E1 clock-mode Mode port e1t1 slot portConfiguring T1/E1 port-type Configuring T1/E1 line-codeConfiguring T1/E1 used-connector E1 only Configuring T1/E1 framingConfiguring T1/E1 line-build-out T1 only Name prt-e1t1 slot/port# framingConfiguring T1/E1 encapsulation Configuring T1/E1 application modeConfiguring T1/E1 LOS threshold Default short-haulMode channel-group group-name Be used Mode port e1t1 slot portConfiguring Channel-Group Timeslots Configuring Channel-Group EncapsulationT1/E1 Configuration Examples Configuring Hdlc CRC-TypeConfiguring Hdlc Encapsulation Default no encapsulationExample 1 Frame Relay without a channel-group Example 2 Framerelay with a channel-group Example 3 PPP without a channel-groupExample 4 PPP with a channel-group VPN configuration Authentication EncryptionVPN configuration task list Transport and tunnel modesCreating an IPsec transformation profile Procedure To create an IPsec policy profile Creating an IPsec policy profileNodecfg#profile ipsec-policy-man Creating/modifying an outgoing ACL profile for IPsec Configuration of an IP interface and the IP router for IPsec Displaying IPsec configuration informationDebugging IPsec Example Display IPsec transformation profilesExample Display IPsec policy profiles Example IPsec Debug OutputSample configurations OnSite configurationIPsec tunnel, DES encryption Cisco router configuration Cisco router configuration VPN configuration Access control list configuration About access control lists What access lists doWhy you should configure access lists When to configure access lists Features of access control listsAccess control list configuration task list Mapping out the goals of the access control listNodepf-acl name#permit ip src src-wildcard any Where the syntax is Src-wildcardNodepf-acl name#deny icmp src src-wildcard Nodepf-acl name#permit icmp src src-wildcard anyType type type type code code cos group Any host src dest dest-wildcard any host destWhere the syntax is as following Msg namePort lt port range from to cos group cos-rtp group Nodepf-acl name#permit tcp udp sctp src src-wildCard any host src eq port gt port lt port range Nodepf-acl name#deny tcp udp sctp src srcGroup-data Where the syntax is Unbind an access control list profile from an interface Displaying an access control list profileDebugging an access control list profile Control list profile shall be debugged Examples Denying a specific subnetLink scheduler configuration Configuring access control lists Configuring quality of service QoS Using traffic classesApplying scheduling at the bottleneck Weighted fair queuing WFQ Introduction to SchedulingPriority Shaping Burst tolerant shaping or wfqHierarchy Setting the modem rate Quick referencesSome explanations Link scheduler configuration task list Command cross referenceDefining the access control list profile Packet classificationCreating an access control list Scenario with Web server regarded as a single source hostNodepf-acl name#permit ip host ip-address any traffic-class Creating a service policy profileNodecfg#profile acl name Nodepf-acl name#permit ip any anyStructure of a Service-Policy Profile Defining fair queuing weight Specifying the handling of traffic-classesDefining absolute priority Specifying the type-of-service TOS fieldDefining the bit-rate Defining the maximum queue lengthNodesrc name#set ip tos value Specifying differentiated services codepoint Dscp markingSpecifying the precedence field Nodesrc name#set ip precedence valueSpecifying layer 2 marking Nodesrc name#set ip dscp valueNodesrc name#set layer2 cos value Defining random early detection Discarding Excess LoadNodesrc name#random-detect burst-tolerance Devoting the service policy profile to an interface Nodeif-ip if-name#use profile servicePolicy name in out Enable statistics gathering Displaying link arbitration statusDisplaying link scheduling profile information Values defining detail of the queuing statistics LEDs status and monitoring Status LEDs Contacting Patton for assistance Warranty coverage Contact informationPatton Support Headquarters in the USA Return for credit policy Out-of-warranty serviceReturns for credit RMA numbersAppendix a Compliance information Radio and TV Interference FCC Part SafetyCompliance CE Declaration of ConformityAuthorized European Representative FCC Part 68 Acta Statement Model 2803 onlyIndustry Canada Notice Model 2803 only Appendix B Specifications T1/E1 interface Model 2803 only Ethernet interfacesSync serial interface PPP supportManagement IP servicesDimensions Operating environmentPower supply Internal power supply 100-240 VAC, 50/60 Hz, 200 mAInternal AC version Appendix C Cabling Connecting a serial terminal Serial consoleEthernet 10Base-T and 100Base-T Ethernet cross-overEthernet straight-through Appendix D Port pin-outs Console port, RJ-45, EIA-561 RS-232 EIA-561 RJ-45 8-pin port RS-232 Console PortEthernet ports are auto-detect MDI-X Ethernet 10Base-T and 100Base-T portSync serial port Serial port21 Female DB-15 connector Appendix E OnSite 2800 Series factory configuration OnSite 2800 Series factory configuration Appendix F Installation checklist Installation checklist

Related manuals

Manual 8 pages 44.23 Kb